We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

An international coalition of 23 privacy regulators released a plea to app marketplaces to act like “a responsible corporate citizen” and make it mandatory for developers to post links to privacy policies prior to download when the app collects personal information.

“While app developers clearly have a responsibility to communicate their privacy practices, mobile operating system developers and other app marketplace operators play a unique and integral role in users’ interactions with apps, made available through their various app stores and app marketplaces,” according to the letter. “The app marketplace is an important consumer landing spot where individuals can search for new apps, read reviews, and access technical information about a particular app prior to downloading it – and this information is made available so individuals can make informed decisions about products in that marketplace.”

The open letter – sent to Amazon, Apple, BlackBerry, Google, Microsoft, Nokia, and Samsung – noted that app marketplaces already communicate important details related to the apps they make available such as app function, age rating, size, and version, and that privacy-related information should also be communicated in order for consumers to make meaningful decisions about which apps to download. While some developers include privacy policy links, the practice is not consistently applied, the regulators wrote.

The letter cited a study released earlier this year, when members of the Global Privacy Enforcement Network conducted a “privacy sweep” to analyze the privacy disclosures of mobile apps. The GPEN privacy regulators examined 1,211 mobile apps and found that “a high number of apps are accessing large amounts of personal information without adequately explaining how people’s information is being used.”

Authorities from countries ranging from Canada and Hong Kong to China and Italy all stated that given the “wide-range and potential sensitivity of the data stored in mobile devices, we firmly believe that privacy practice information (for example, privacy policy links) should be required (and not optional) for apps that collect data in and through mobile devices within an app marketplace store.”

A privacy policy link can “provide a simple and convenient manner for individuals to obtain privacy-related information which they need to be meaningfully informed regarding the collection and use of their data before making the decision to download the app,” the letter stated. “We therefore expect a marketplace operator would put in practice, if it has not already, this advice, and implement the necessary protections, to ensure the privacy practice transparency of apps offered in their stores.”

Why it matters: “Links to privacy policies on the app marketplace appear to be optional but we think developers that collect personal information should be required to provide a link,” Daniel Therrien, Canada’s Privacy Commissioner, said in a statement, suggesting that without a privacy policy, “it’s difficult for consumers to provide meaningful consent.” The letter tracks a similar effort made in California by Attorney General Kamala Harris, who released a set of “privacy best practices” for app developers, platform providers, ad networks, and others in the mobile ecosystem, calling for privacy policies to be made available to consumers prior to download.

Compare jurisdictions:Data Security & Cybercrime

"Lexology is a very relevant and interesting resource for South African in-house lawyers. The newsfeeds are a good measure of a firm's expertise and offer an interesting insight into recent legal developments. I would highly recommend Lexology to colleagues."